CN113853769A - Setting device, communication system, and vehicle communication management method - Google Patents

Setting device, communication system, and vehicle communication management method Download PDF

Info

Publication number
CN113853769A
CN113853769A CN202080038012.7A CN202080038012A CN113853769A CN 113853769 A CN113853769 A CN 113853769A CN 202080038012 A CN202080038012 A CN 202080038012A CN 113853769 A CN113853769 A CN 113853769A
Authority
CN
China
Prior art keywords
unit
setting
new
vehicle
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202080038012.7A
Other languages
Chinese (zh)
Other versions
CN113853769B (en
Inventor
山本祐辅
萩原刚志
吴达玛万
清水洋祐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sumitomo Wiring Systems Ltd
AutoNetworks Technologies Ltd
Sumitomo Electric Industries Ltd
Original Assignee
Sumitomo Wiring Systems Ltd
AutoNetworks Technologies Ltd
Sumitomo Electric Industries Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sumitomo Wiring Systems Ltd, AutoNetworks Technologies Ltd, Sumitomo Electric Industries Ltd filed Critical Sumitomo Wiring Systems Ltd
Publication of CN113853769A publication Critical patent/CN113853769A/en
Application granted granted Critical
Publication of CN113853769B publication Critical patent/CN113853769B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/48Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for in-vehicle communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

A network having a new configuration is flexibly constructed by a simple process while ensuring security in the network. The setting device has: an acquisition section that acquires an authentication result of a new function section that is a function section newly added in an in-vehicle network including one or more function sections; and a setting unit configured to perform, when the authentication result acquired by the acquisition unit is a positive result, a setting process for causing an existing functional unit, which is a functional unit included in the in-vehicle network before the new functional unit is added, and the new functional unit to communicate with the existing functional unit via a plurality of relay devices capable of relaying information between the functional units, the setting process being related to at least one of the relay devices, the existing functional unit, and the new functional unit.

Description

Setting device, communication system, and vehicle communication management method
Technical Field
The present disclosure relates to a setting device, a communication system, and a vehicle communication management method.
The present application claims priority based on japanese patent application No. 2019-101427, filed on 30/5/2019, the entire disclosure of which is incorporated herein by reference.
Background
Patent document 1 (japanese patent application laid-open No. 2008-59450) discloses a vehicle information rewriting system as follows. That is, the vehicle information rewriting system is a system in which a rewriting tool functioning as a data transmission source is detachably connected to a vehicle control unit via a communication unit, and the stored contents of a vehicle information storage unit are rewritten based on rewriting data transferred from the rewriting tool via the communication unit, wherein the vehicle control unit has a main control unit including a CPU, and executes predetermined software based on the main control unit to perform control processing of an electronic device mounted on an automobile, and the vehicle information storage unit is provided on the vehicle control unit side as a nonvolatile memory and stores vehicle information including the software, and the vehicle information rewriting system is characterized in that the rewriting tool is provided with: an operation mode switching means for switching and setting a permitted rewriting mode in which rewriting of the stored content of the vehicle information storage unit is permitted and a restricted rewriting mode in which rewriting is restricted compared with the permitted rewriting mode; a wireless polling unit that wirelessly polls a wireless authentication medium to detect the wireless authentication medium to be attached to a person qualified for use of the rewriting tool when rewriting is performed using the rewriting tool; and a mode switching instruction unit that instructs the operation mode switching unit to switch to the rewrite-allowed mode on the premise that the wireless authentication medium is successfully detected by the wireless polling.
Further, patent document 2 (japanese patent application laid-open No. 2003-46536) discloses a relay device for a vehicle as follows. That is, a relay device for a vehicle, which is disposed between an on-vehicle LAN constructed in a vehicle and a communication device for performing data communication with an off-vehicle device and relays communication between the off-vehicle device connected via the communication device and various in-vehicle electronic devices connected to the on-vehicle LAN, includes: a first identification unit that, when there is an access request to access an in-vehicle electronic device in the in-vehicle LAN from an off-vehicle device, identifies an access destination thereof, and determines, based on the identification result, whether or not the access request is an access request to access the in-vehicle electronic device requiring authentication of the off-vehicle device; a first authentication unit that, when the first identification unit determines that the access request is an access request for which authentication of the external device is required, determines whether the external device is an external device that is permitted to access the in-vehicle electronic device in advance, based on first authentication information transmitted from the external device; and a first distribution unit that distributes communication data transmitted from the device outside the vehicle via the communication device to the in-vehicle electronic device of an access destination when the first authentication unit determines that the device outside the vehicle from which the access request is issued is a device outside the vehicle that is permitted to access the in-vehicle electronic device in advance, or when the first identification unit determines that the access request is an access request for which authentication of the device outside the vehicle is not required.
Documents of the prior art
Patent document
Patent document 1: japanese patent laid-open No. 2008-59450
Patent document 2: japanese patent laid-open publication No. 2003-46536
Disclosure of Invention
The setting device of the present disclosure includes: an acquisition section that acquires an authentication result of a new function section that is a function section newly added in an in-vehicle network including one or more function sections; and a setting unit configured to perform, when the authentication result acquired by the acquisition unit is a positive result, a setting process for causing an existing functional unit, which is a functional unit included in the in-vehicle network before the new functional unit is added, and the new functional unit to communicate with the existing functional unit via a plurality of relay devices capable of relaying information between the functional units, the setting process being related to at least one of the relay devices, the existing functional unit, and the new functional unit.
The communication system of the present disclosure includes a setting device and a new function unit that is newly added to a vehicle-mounted network, the in-vehicle network includes one or more functional units, the setting device acquires information that is transmitted from the new functional unit and that is capable of specifying the functional unit that is the communication partner of the new functional unit, the setting device acquires the authentication result of the new functional unit, in the case where the acquired authentication result is a positive result, the setting device transmits, to the new function unit, setting information for causing the existing function unit and the new function unit to communicate via a plurality of relay devices, the existing functional section is a functional section included in the in-vehicle network before the new functional section is added, the plurality of relay devices can relay information between the function units, and the new function unit performs its own setting based on the setting information received from the setting device.
A vehicle communication management method of the present disclosure is a vehicle communication management method in a setting device, the vehicle communication management method including the steps of: acquiring an authentication result of a new functional section, the new functional section being a functional section newly added in an in-vehicle network including one or more functional sections; and performing, when the obtained authentication result is a positive result, a setting process for causing an existing functional unit, which is a functional unit included in the in-vehicle network before the new functional unit is added, to communicate with the new functional unit via a plurality of relay devices capable of relaying information between the functional units, the setting process being related to at least one of the relay devices, the existing functional unit, and the new functional unit.
A vehicle communication management method of the present disclosure is a vehicle communication management method in a communication system provided with a setting device and a new function section that is a function section newly added in an in-vehicle network including one or more function sections, the vehicle communication management method including the steps of: the setting device acquires information that is transmitted from the new function unit and that can specify the function unit to which the new function unit is to be communicated; the setting device acquires an authentication result of the new function unit; in a case where the acquired authentication result is a positive result, the setting device transmits, to the new function section, setting information for causing an existing function section, which is a function section included in the in-vehicle network before the new function section is added, and the new function section to communicate via a plurality of relay devices capable of relaying information between the function sections; and the new function unit performs its own setting based on the setting information received from the setting device.
An aspect of the present disclosure may be implemented as a semiconductor integrated circuit that implements part or all of the setting means. In addition, an aspect of the present disclosure may be realized as a program for causing a computer to execute steps of processing in a setting device.
In addition, an aspect of the present disclosure may be implemented as a semiconductor integrated circuit that implements part or all of a communication system. In addition, an aspect of the present disclosure may be realized as a program for causing a computer to execute steps of processing in a communication system.
Drawings
Fig. 1 is a diagram showing a configuration of a communication system according to an embodiment of the present disclosure.
Fig. 2 is a diagram showing setting information in the in-vehicle network according to the embodiment of the present disclosure.
Fig. 3 is a diagram showing a configuration of a relay device according to an embodiment of the present disclosure.
Fig. 4 is a diagram showing a configuration of a communication system according to an embodiment of the present disclosure.
Fig. 5 is a diagram showing an example of a configuration in a new network of the communication system according to the embodiment of the present disclosure.
Fig. 6 is a diagram illustrating an example of setting information in a new network according to an embodiment of the present disclosure.
Fig. 7 is a diagram showing another example of the configuration in the new network of the communication system according to the embodiment of the present disclosure.
Fig. 8 is a diagram showing another example of the setting information in the new network according to the embodiment of the present disclosure.
Fig. 9 is a flowchart defining an operation procedure when the relay device constructs a new network in the communication system according to the embodiment of the present disclosure.
Fig. 10 is a diagram showing an example of a sequence of a new network building process in the communication system according to the embodiment of the present disclosure.
Fig. 11 is a diagram showing another example of the sequence of the new network building process in the communication system according to the embodiment of the present disclosure.
Detailed Description
In the past, in-vehicle network systems for improving security in-vehicle networks have been developed.
[ problem to be solved by the present disclosure ]
There is a demand for a technique that can flexibly construct a network having a new configuration with simple processing while ensuring security in the network, in excess of the techniques described in patent documents 1 and 2.
The present disclosure has been made to solve the above-described problems, and an object of the present disclosure is to provide a setting device, a communication system, and a vehicle communication management method that can flexibly construct a network having a new configuration by simple processing while ensuring security in the network.
[ Effect of the present disclosure ]
According to the present disclosure, a network having a new configuration can be flexibly constructed by a simple process while ensuring security in the network.
[ description of embodiments of the present disclosure ]
First, the contents of the embodiments of the present disclosure are listed for explanation.
(1) The setting device according to an embodiment of the present disclosure includes: an acquisition section that acquires an authentication result of a new function section that is a function section newly added in an in-vehicle network including one or more function sections; and a setting unit configured to perform, when the authentication result acquired by the acquisition unit is a positive result, a setting process for causing an existing functional unit, which is a functional unit included in the in-vehicle network before the new functional unit is added, and the new functional unit to communicate with the existing functional unit via a plurality of relay devices capable of relaying information between the functional units, the setting process being related to at least one of the relay devices, the existing functional unit, and the new functional unit.
In this way, when the authentication result of the new function unit is positive, the configuration in which the setting device performs the setting process related to at least one of the relay device, the existing function unit, and the new function unit for causing the existing function unit and the new function unit to communicate via the plurality of relay devices can omit the authentication process of a part of the relay devices in the in-vehicle network with respect to the new function unit, for example, when constructing a network for causing the existing function unit and the new function unit to communicate via the plurality of relay devices. Therefore, a network having a new configuration can be flexibly constructed by a simple process while ensuring security in the network.
(2) Preferably, the setting device further includes a storage unit that stores setting information for causing each of the functional units in the in-vehicle network to communicate, and the setting unit performs the setting process based on the setting information in the storage unit.
In this way, the configuration in which the storage unit holds the setting information of the in-vehicle network having a substantially fixed network configuration and the setting information of the new in-vehicle network is generated using the setting information of the existing in-vehicle network acquired from the storage unit when the new in-vehicle network including the new functional unit is constructed can simplify the construction process of the new in-vehicle network.
(3) Preferably, the setting unit performs the setting process using a virtual network for transmitting, to the function units, setting information for causing the function units in the in-vehicle network to communicate.
According to this configuration, since the setting information can be transmitted from the setting device to each functional unit in the in-vehicle network using the virtual network, the setting process for each functional unit can be simplified.
(4) Preferably, the setting unit performs, as the setting process, a process of constructing a new virtual network for causing the new functional unit to communicate with one or more existing functional units to which the new functional unit is to communicate.
With this configuration, it is possible to suppress adverse effects such as unauthorized access to an existing functional unit that is not a communication target of the new functional unit, as new functional units are added to the in-vehicle network.
(5) Preferably, when an existing virtual network is established, which is a virtual network for performing communication only by one or more existing functional units to be communicated with the new functional unit, the setting unit performs, as the setting process, a setting process relating to the new functional unit and the relay device for causing the new functional unit to perform communication with the one or more existing functional units to be communicated with using the existing virtual network.
According to this configuration, by performing the setting process of adding the new function unit to the existing virtual network, it is not necessary to perform the process of constructing the new network for performing communication only by the new function unit and the existing function unit to be communicated with.
(6) A communication system according to an embodiment of the present disclosure includes a setting device and a new function unit, the new functional section is a functional section newly added in an in-vehicle network including one or more functional sections, the setting device acquires information that is transmitted from the new function unit and that can specify the function unit to which the new function unit is to be communicated, the setting device acquires the authentication result of the new function unit, in a case where the acquired authentication result is a positive result, the setting device transmits, to the new function unit, setting information for causing the function unit as the communication target and the new function unit to communicate via a plurality of relay devices, the plurality of relay devices can relay information between the function units, and the new function unit performs its own setting based on the setting information received from the setting device.
In this way, by configuring such that the setting device transmits the setting information for causing the existing function unit and the new function unit as the communication targets to communicate with each other via the plurality of relay devices to the new function unit when the authentication result of the new function unit is positive, it is possible to omit the authentication process of some of the relay devices in the in-vehicle network with respect to the new function unit, for example, when constructing a network for causing the existing function unit and the new function unit to communicate with each other via the plurality of relay devices. Therefore, a network having a new configuration can be flexibly constructed by a simple process while ensuring security in the network.
(7) A vehicle communication management method according to an embodiment of the present disclosure is a vehicle communication management method in a setting device, including: acquiring an authentication result of a new functional section, the new functional section being a functional section newly added in an in-vehicle network including one or more functional sections; and performing, when the obtained authentication result is a positive result, a setting process for causing an existing functional unit, which is a functional unit included in the in-vehicle network before the new functional unit is added, to communicate with the new functional unit via a plurality of relay devices capable of relaying information between the functional units, the setting process being related to at least one of the relay devices, the existing functional unit, and the new functional unit.
In this way, by the method in which the setting device performs the setting processing relating to at least any one of the relay device, the existing function unit, and the new function unit for causing the existing function unit and the new function unit to communicate via the plurality of relay devices when the authentication result of the new function unit is a positive result, it is possible to omit the authentication processing of the new function unit by a part of the relay devices in the in-vehicle network and the like, for example, when constructing a network for causing the existing function unit and the new function unit to communicate via the plurality of relay devices. Therefore, a network having a new configuration can be flexibly constructed by a simple process while ensuring security in the network.
(8) A vehicle communication management method according to an embodiment of the present disclosure is a vehicle communication management method in a communication system including a setting device and a new function unit that is a function unit newly added to an in-vehicle network including one or more function units, the method including: the setting device acquires information that is transmitted from the new function unit and that can specify the function unit to which the new function unit is to be communicated; the setting device acquires an authentication result of the new function unit; in a case where the acquired authentication result is a positive result, the setting device transmits, to the new function unit, setting information for causing the function unit that is the communication target and the new function unit to communicate via a plurality of relay devices that can relay information between the function units; and the new function unit performs its own setting based on the setting information received from the setting device.
In this way, by the method in which the setting device transmits the setting information for causing the existing function unit and the new function unit as the communication targets to communicate via the plurality of relay devices to the new function unit when the authentication result of the new function unit is a positive result, it is possible to omit the authentication processing of the new function unit by some of the relay devices in the in-vehicle network, and the like, for example, when constructing a network for causing the existing function unit and the new function unit to communicate via the plurality of relay devices. Therefore, a network having a new configuration can be flexibly constructed by a simple process while ensuring security in the network.
Hereinafter, embodiments of the present disclosure will be described with reference to the drawings. Note that the same or corresponding portions in the drawings are denoted by the same reference numerals, and overlapping description thereof is omitted. At least some of the embodiments described below may be arbitrarily combined.
[ communication System ]
Fig. 1 is a diagram showing a configuration of a communication system according to an embodiment of the present disclosure.
Referring to fig. 1, communication system 300 includes one or more in-vehicle ECUs (Electronic Control units) 111, a plurality of relay devices 100, and a server 200.
More specifically, the communication system 300 includes the in-vehicle ECUs 111A to 111D as the in-vehicle ECU111, and includes the relay device 100A and the relay device 100B as the relay device 100. The relay device 100A is an example of a setting device.
The in-vehicle ECU111 is, for example, a TCU (Telematics Unit), an autopilot ECU, an engine ECU, a sensor, a navigation device, a human-machine interface, a camera, and the like. The TCU communicates with a device outside the vehicle, for example, the server 200, via a radio base station and the like not shown.
The relay device 100 is, for example, a gateway device and can relay information between a plurality of in-vehicle ECUs 111 connected to the relay device. More specifically, the relay device 100 can perform relay processing for the second layer and the third layer higher than the second layer, for example.
The in-vehicle ECU111 is an example of a functional section in the in-vehicle network 12. The in-vehicle ECU111 and the relay device 100 constitute the in-vehicle network 12.
Note that the communication system 300 is not limited to a configuration including four in-vehicle ECUs 111, and may be a configuration including one, two, three, or five or more in-vehicle ECUs 111. The communication system 300 is not limited to the configuration including two relay devices 100, and may include three or more relay devices 100.
The connection relationship of each functional unit in the on-vehicle network 12 of the vehicle is fixed, for example.
In the in-vehicle network 12, the in-vehicle ECU111 is connected to the relay device 100 via, for example, an ethernet (registered trademark) cable 11.
More specifically, the relay device 100A includes communication ports 1A, 2A, 3A, and 4A. The relay device 100B includes communication ports 1B, 2B, 3B, and 4B. The communication ports 1A, 2A, 3A, 4A, 1B, 2B, 3B, 4B are terminals to which an ethernet cable 11 can be connected, for example.
The in-vehicle ECU111A is connected to the communication port 2A in the relay device 100A via the ethernet cable 11.
The in-vehicle ECU111B is connected to the communication port 3A in the relay device 100A via the ethernet cable 11.
The in-vehicle ECU111C is connected to the communication port 2B in the relay device 100B via the ethernet cable 11.
The in-vehicle ECU111D is connected to the communication port 3B in the relay device 100B via the ethernet cable 11.
The communication port 4A in the relay apparatus 100A and the communication port 1B in the relay apparatus 100B are connected to each other via an ethernet cable 11.
The relay device 100 performs relay processing of the ethernet frame in accordance with the communication standard of the ethernet network. Specifically, the relay device 100 relays, for example, ethernet frames that are exchanged between the in-vehicle ECUs 111. And storing the IP data packet in the Ethernet frame.
Note that the communication system 300 is not limited to a configuration in which ethernet frames are relayed in accordance with the communication standard of ethernet, and may be a configuration in which data is relayed in accordance with a communication standard such as CAN (Controller Area Network) (registered trademark), FlexRay (registered trademark), MOST (Media Oriented Systems Transport) (registered trademark), or LIN (Local Interconnect Network).
One or more virtual networks are built in the in-vehicle network 12. Specifically, the in-vehicle ECU111A and the in-vehicle ECU111C belong to a VLAN (Virtual Local Area Network) 10, and the in-vehicle ECU111B and the in-vehicle ECU111D belong to a VLAN20 different from the VLAN 10.
Fig. 2 is a diagram showing setting information in the in-vehicle network according to the embodiment of the present disclosure.
For convenience, the port numbers of the communication ports 1A, 2A, 3A, and 4A of the relay device 100A are referred to as "1", "2", "3", and "4", respectively, and the port numbers of the communication ports 1B, 2B, 3B, and 4B of the relay device 100B are referred to as "1", "2", "3", and "4", respectively. Further, it is assumed that each in-vehicle ECU111 includes one communication port, and the port number of the communication port is set to "1".
Referring to fig. 2, the ID of the VLAN corresponding to the communication port 2A of the relay device 100A is "VLAN 10", the ID of the VLAN corresponding to the communication port 3A of the relay device 100A is "VLAN 20", and the IDs of the VLANs corresponding to the communication port 4A of the relay device 100A are "VLAN 10" and "VLAN 20".
Further, the IDs of the VLANs corresponding to the communication port 1B of the relay device 100B are "VLAN 10" and "VLAN 20", the ID of the VLAN corresponding to the communication port 2B of the relay device 100B is "VLAN 10", and the ID of the VLAN corresponding to the communication port 3B of the relay device 100B is "VLAN 20".
The ID of the VLAN corresponding to each communication port 1 of in- vehicle ECUs 111A and 111C is "VLAN 10", and the ID of the VLAN corresponding to each communication port 1 of in- vehicle ECUs 111B and 111D is "VLAN 20".
The relay device 100 performs, for example, relay processing of ethernet frames between the onboard ECUs 111 belonging to the same VLAN. Specifically, the relay device 100 transmits the ethernet frame to the in-vehicle ECU111 belonging to the same VLAN as the transmission source based on the transmission source MAC (Media Access Control) address and the transmission destination MAC address carried in the received ethernet frame.
The relay device 100 performs, for example, relay processing of IP packets between the in-vehicle ECUs 111 belonging to different VLANs. Specifically, the relay device 100 acquires an IP packet from the received ethernet frame, and transmits the IP packet to the in-vehicle ECU111 of a transmission destination belonging to a different VLAN from the transmission source based on the transmission destination IP address of the acquired IP packet.
[ Relay device ]
Fig. 3 is a diagram showing a configuration of a relay device according to an embodiment of the present disclosure. Fig. 3 shows a configuration of the relay apparatus 100A shown in fig. 1.
Referring to fig. 3, relay device 100A includes relay processing unit 110, detection unit 120, authentication result acquisition unit 130, authentication unit 140, setting unit 150, and storage unit 160. The storage unit 160 is, for example, a flash memory. The relay Processing Unit 110, the detection Unit 120, the authentication result acquisition Unit 130, the authentication Unit 140, and the setting Unit 150 are realized by processors such as a CPU (Central Processing Unit) and a DSP (Digital Signal Processor).
The relay processing unit 110 performs relay processing of ethernet frames between the in-vehicle ECUs 111.
More specifically, when receiving an ethernet frame from a certain vehicle-mounted ECU111 or relay device 100B via the corresponding ethernet cable 11, the relay processing unit 110 transmits the received ethernet frame to the vehicle-mounted ECU111 or relay device 100B of the transmission destination via the corresponding ethernet cable 11.
When receiving an ethernet frame addressed to the relay device 100 of the relay device from a new functional unit newly added to the in-vehicle network 12, the relay processing unit 110 outputs the received ethernet frame to the detection unit 120.
[ detection part ]
The detection unit 120 detects a new function unit newly added to the in-vehicle network 12.
Fig. 4 is a diagram showing a configuration of a communication system according to an embodiment of the present disclosure. Fig. 4 shows the configuration of the in-vehicle network 12 after the in-vehicle ECU111E is newly added to the in-vehicle network 12 shown in fig. 1.
Referring to fig. 4, the in-vehicle ECU111E is connected to the communication port 1A in the relay device 100A via the ethernet cable 11.
The in-vehicle ECU111E is an example of a new functional unit that is a functional unit newly added to the in-vehicle network 12.
Hereinafter, the in-vehicle network 12 including the new functional unit is also referred to as a new network, the in-vehicle network 12 before the new functional unit is added is also referred to as an existing network, and the functional unit included in the existing network is also referred to as an existing functional unit.
The in-vehicle ECU111E interacts ethernet frames with the functional unit to be communicated. Hereinafter, a function unit to be communicated with the new function unit is also referred to as a target function unit.
When connected to the relay device 100A via the ethernet cable 11, the in-vehicle ECU111E transmits information that can identify the in-vehicle ECU111 that is the communication target of itself to the relay device 100A.
More specifically, the in-vehicle ECU111E, when connected to the communication port 1A in the relay device 100A via the ethernet cable 11, generates connection request information including the ID, for example, the MAC address, of the in-vehicle ECU111C that is the own communication target.
Then, the in-vehicle ECU111E generates an ethernet frame carrying the generated connection request information, its own ID, the authentication password as the confidential information, and the MAC address of the relay apparatus 100A as the transmission destination MAC address, and transmits the generated ethernet frame to the relay apparatus 100A.
When the ethernet frame is received from the in-vehicle ECU111E via the relay processing unit 110, the detection unit 120 in the relay device 100A acquires the connection request information, the ID of the in-vehicle ECU111E, and the password for authentication from the received ethernet frame, thereby detecting that the in-vehicle ECU111E is added to the in-vehicle network 12.
The detection unit 120 outputs the acquired connection request information, the ID of the in-vehicle ECU111E, and the password for authentication to the authentication result acquisition unit 130.
[ authentication result acquisition section ]
The authentication result acquisition unit 130 is an example of an acquisition unit that acquires the authentication result of the in-vehicle ECU111E, which is a new functional unit newly added to the in-vehicle network 12.
For example, when receiving the connection request information, the ID of in-vehicle ECU111E, and the password for authentication from detection unit 120, authentication result acquisition unit 130 outputs the received connection request information, the ID of the new function unit, and the password for authentication to authentication unit 140.
When the authentication unit 140 receives the connection request information, the ID of the in-vehicle ECU111E, and the password for authentication from the authentication result acquisition unit 130, the authentication process of the in-vehicle ECU111E is performed using the received connection request information, the ID of the in-vehicle ECU111E, the password for authentication, and the like.
When the authentication unit 140 performs the authentication process and determines that the in-vehicle ECU111E is not a legitimate communication partner of the target functional unit, it outputs authentication information indicating a negative authentication result to the authentication result acquisition unit 130 as the authentication result of the in-vehicle ECU 111E.
Upon receiving the authentication information indicating a negative authentication result from the authentication unit 140, the authentication result acquisition unit 130 generates an ethernet frame carrying connection prohibition information indicating that connection is prohibited and the MAC address of the vehicle-mounted ECU111E as the transmission destination MAC address, and transmits the generated ethernet frame to the vehicle-mounted ECU111E via the relay processing unit 110.
On the other hand, when the authentication unit 140 performs the authentication process and confirms that the in-vehicle ECU111E is a legitimate communication partner of the target function unit indicated by the connection request information, it outputs authentication information indicating a positive authentication result to the authentication result acquisition unit 130 as the authentication result of the in-vehicle ECU 111E.
When receiving authentication information indicating a positive authentication result from the authentication unit 140, the authentication result acquisition unit 130 outputs the connection request information received from the detection unit 120 and the ID of the in-vehicle ECU111E to the setting unit 150.
[ setting section ]
If the authentication result acquired by the authentication result acquisition unit 130 is a positive result, the setting unit 150 can perform setting processing for at least one of the relay devices 100A and 100B and each function unit for causing the existing function unit and the in-vehicle ECU111E to communicate via the relay devices 100A and 100B.
Specifically, when the authentication result acquired by the authentication result acquisition unit 130 is a positive result, the setting unit 150 performs a setting process for each functional unit for causing the existing functional unit and the in-vehicle ECU111E to communicate via the own relay device 100A and relay device 100B.
More specifically, upon receiving the connection request information and the ID of the in-vehicle ECU111E from the authentication result acquisition unit 130, the setting unit 150 generates new network setting information for causing the target function unit indicated by the connection request information and the in-vehicle ECU111E to communicate via the relay devices 100A and 100B, based on the received connection request information and the ID of the in-vehicle ECU 111E.
For example, the storage unit 160 stores the setting information in the in-vehicle network 12 in which the connection relationship of the functional units is fixed as described above.
More specifically, the storage unit 160 stores setting information for causing each existing functional unit to communicate with the existing network. Specifically, the storage unit 160 stores the setting information shown in fig. 2 as the setting information of the existing network.
The setting unit 150 performs setting processing based on the setting information in the storage unit 160.
More specifically, the setting unit 150 generates the setting information of the new network based on the connection request information received from the authentication result acquisition unit 130 and the setting information of the existing network in the storage unit 160.
The setting unit 150 updates the existing setting information in the storage unit 160 to the generated new setting information.
Then, the setting unit 150 specifies a functional unit of the new network whose setting needs to be changed based on the updated setting information in the storage unit 160, and notifies the specified functional unit and the in-vehicle ECU111E of the setting contents.
[ example 1 of setting treatment ]
For example, as the setting process, the setting unit 150 performs a process of constructing a new virtual network for causing the in-vehicle ECU111E to communicate with one or more target function units.
Hereinafter, as shown in fig. 4, a case is assumed where the in-vehicle ECU111E as a new functional unit is added to the in-vehicle network 12, and the target functional unit indicated by the connection request information transmitted from the in-vehicle ECU111E is the in-vehicle ECU 111C.
Upon receiving the connection request information from the authentication result acquisition unit 130 that the target function unit is the in-vehicle ECU111C, the setting unit 150 generates setting information of a new network including a new virtual network for communication only by the in-vehicle ECU111E and the in-vehicle ECU 111C.
Specifically, the setting unit 150 generates setting information of a new network including a new VLAN30 for communication only by the in-vehicle ECU111E and the in-vehicle ECU 111C.
Fig. 5 is a diagram showing an example of a configuration in a new network of the communication system according to the embodiment of the present disclosure.
Fig. 6 is a diagram illustrating an example of setting information in a new network according to an embodiment of the present disclosure.
Referring to fig. 6, as setting information in the new network, setting unit 150 generates new setting information in which "VLAN 30" is added to the setting information in the existing network shown in fig. 2 as IDs of VLANs corresponding to communication ports 1A and 4A of its own relay device 100A, "VLAN 30" is added as an ID of a VLAN corresponding to communication ports 1B and 2B of relay device 100B, and "VLAN 30" is added as an ID of a VLAN corresponding to each communication port 1 of in- vehicle ECUs 111C and 111E.
The setting unit 150 updates the existing setting information in the storage unit 160 to the generated new setting information.
Based on the updated setting information stored in storage unit 160, setting unit 150 notifies relay device 100B, in-vehicle ECU111C, and in-vehicle ECU111E, which are functional units that require a change in setting in the new network, of the setting content.
For example, it is assumed that a virtual network, for example, VLAN50, is constructed in the in-vehicle network 12 so that the setting information for communication of each functional unit is interacted between the functional units. The setting unit 150 performs setting processing using VLAN 50.
More specifically, the setting unit 150 generates an ethernet frame carrying the setting information of the new network, and transmits the generated ethernet frame to the relay device 100B and the in- vehicle ECUs 111C and 111E via the relay processing unit 110 using the VLAN 50.
For example, the relay devices 100A and 100B transmit ethernet frames carrying the setting information by using an encryption scheme based on secret information shared in advance.
The in-vehicle ECU111E, the in-vehicle ECU111C, and the relay device 100B perform setting change in accordance with the setting information carried in the ethernet frame received from the setting unit 150 via the relay processing unit 110.
Specifically, the in-vehicle ECU111E adds "VLAN 30" as the VLAN corresponding to its own communication port 1, in accordance with the setting information carried in the received ethernet frame.
Further, the in-vehicle ECU111C adds "VLAN 30" as a VLAN corresponding to its own communication port 1, in accordance with the setting information carried in the received ethernet frame.
The setting unit 150 adds "VLAN 30" as a VLAN corresponding to the communication ports 1A and 4A of its own relay device 100A.
Further, the relay device 100B adds "VLAN 30" as a VLAN corresponding to its own communication port 1B, 2B, in accordance with the setting information carried in the received ethernet frame.
In this way, in communication system 300, when constructing a new VLAN30 for causing in-vehicle ECU111E to communicate with in-vehicle ECU111C, it is not necessary for relay device 100B to perform authentication processing on in-vehicle ECU 111E. That is, relay device 100B can change the setting according to the setting information received from setting unit 150 without performing the authentication process of in-vehicle ECU 111E.
[ example 2 of setting treatment ]
For example, when an existing virtual network is established, which is a virtual network for performing communication only by one or a plurality of target function units, the setting unit 150 performs a setting process regarding the in-vehicle ECU111E and its own relay device 100A for causing the in-vehicle ECU111E and the target function unit to perform communication using the existing virtual network as a setting process.
Hereinafter, as shown in fig. 4, a case is assumed where in-vehicle ECU111E is added as a new functional unit to in-vehicle network 12, and the target functional units indicated by the connection request information transmitted from in-vehicle ECU111E are in-vehicle ECU111A and in-vehicle ECU 111C.
Upon receiving the connection request information from the authentication result acquisition unit 130 that the target function unit is the in-vehicle ECU111A, 111C, the setting unit 150 generates new network setting information including a virtual network for causing the in-vehicle ECU111E to communicate with the in- vehicle ECUs 111A, 111C.
Specifically, when it is confirmed that the existing network includes VLAN10 for communication only between in-vehicle ECU111A and in-vehicle ECU111C by referring to the setting information in storage unit 160, setting unit 150 generates setting information of a new network for communication between in-vehicle ECU111E and in- vehicle ECUs 111A and 111C using VLAN 10.
Fig. 7 is a diagram showing another example of the configuration in the new network of the communication system according to the embodiment of the present disclosure.
Fig. 8 is a diagram showing another example of the setting information in the new network according to the embodiment of the present disclosure.
Referring to fig. 8, as setting information in the new network, setting unit 150 generates new setting information in which "VLAN 10" is added to the setting information of the existing network shown in fig. 2 as an ID of a VLAN corresponding to communication port 1A of its own relay device 100A, and "VLAN 10" is added as an ID of a VLAN corresponding to communication port 1 of in-vehicle ECU111E as a new functional unit.
The setting unit 150 updates the existing setting information in the storage unit 160 to the generated new setting information.
The setting unit 150 notifies the in-vehicle ECU111E, which is a functional unit that needs to change the setting in the new network, of the setting content based on the updated setting information in the storage unit 160.
More specifically, the setting unit 150 generates an ethernet frame carrying the setting information, and transmits the generated ethernet frame to the in-vehicle ECU111E via the relay processing unit 110 using the VLAN 50.
The in-vehicle ECU111E performs setting change according to the setting information carried in the ethernet frame received from the setting unit 150 via the relay processing unit 110.
Specifically, the in-vehicle ECU111E adds "VLAN 10" as the VLAN corresponding to its own communication port 1, in accordance with the setting information carried in the received ethernet frame.
The setting unit 150 adds "VLAN 10" as a VLAN corresponding to the communication port 1A of its own relay device 100A.
In this way, in communication system 300, when constructing a new VLAN30 for causing in-vehicle ECU111E to communicate with in-vehicle ECU111C, it is not necessary for relay device 100B to perform authentication processing on in-vehicle ECU 111E.
[ flow of actions ]
Each device in the communication system according to the embodiment of the present disclosure includes a computer including a memory, and an arithmetic processing unit such as a CPU in the computer reads out a program including a part or all of the steps of the following flowcharts and sequences from the memory and executes the program. The programs of these plurality of devices can be installed from the outside, respectively. The programs of these devices are distributed in a state of being stored in a recording medium.
Fig. 9 is a flowchart defining an operation procedure when the relay device constructs a new network in the communication system according to the embodiment of the present disclosure.
Referring to fig. 9, first, the relay device 100A waits for the addition of a new function unit to the in-vehicle network 12 (no in step S102), and when it is detected that a new function unit is added to the in-vehicle network 12 (yes in step S102), performs an authentication process of the detected new function unit (step S104).
Next, when the authentication result is negative (no in step S106), the relay device 100A transmits connection prohibition information indicating that connection is to be prohibited to the new functional unit (step S108).
Next, the relay device 100A waits for a new function unit to be added to the in-vehicle network 12 (no in step S102).
On the other hand, if the authentication result is positive (yes in step S106), the relay device 100A generates new network setting information for causing the relay device 100B and the target functional unit to communicate with the new functional unit (step S110).
Next, the relay device 100A identifies the functional unit that needs to change the setting in the new network based on the generated setting information, and transmits the setting information to the identified functional unit and the in-vehicle ECU111E (step S112).
Next, the relay device 100A waits for a new function unit to be added to the in-vehicle network 12 (no in step S102).
Fig. 10 is a diagram showing an example of a sequence of a new network building process in the communication system according to the embodiment of the present disclosure. Fig. 10 shows an example of the timing of the new network building process shown in fig. 5.
Referring to fig. 10, in the conventional in-vehicle network 12, the in-vehicle ECU111A and the in-vehicle ECU111C belong to the same VLAN10, and communicate with each other via the relay devices 100A and 100B using the VLAN10 (step S202).
Next, the in-vehicle ECU111E, which is a new functional section newly added in the in-vehicle network 12, transmits, when connected to the relay device 100A, connection request information including information capable of specifying the in-vehicle ECU111C, which is the communication partner of itself, to the relay device 100A (step S204).
Next, when receiving the connection request information from the in-vehicle ECU111E, the relay device 100A detects the in-vehicle ECU111E and performs the authentication process of the in-vehicle ECU111E (step S206).
Next, if the authentication result is positive, the relay device 100A generates new network setting information for causing the relay device 100B and the in-vehicle ECU111C to communicate with the in-vehicle ECU111E using the VLNA 30. Specifically, the setting information as shown in fig. 6 is generated (step S208).
Next, the relay device 100A transmits the generated setting information to the relay device 100B, the in-vehicle ECU111C, and the in-vehicle ECU111E, which are functional units that require a change in setting in the new network (step S210).
Next, the relay device 100A changes the setting based on the generated setting information (step S212).
Further, the in-vehicle ECU111E changes the setting in accordance with the setting information received from the relay device 100A (step S214).
Further, the relay device 100B performs setting change in accordance with the setting information received from the relay device 100A (step S216).
Further, the in-vehicle ECU111C changes the setting in accordance with the setting information received from the relay device 100A (step S218).
Next, in the new network 12, the in-vehicle ECU111A and the in-vehicle ECU111C communicate with each other via the relay devices 100A and 100B using the VLAN10 (step S220).
In the new network 12, the in-vehicle ECU111E and the in-vehicle ECU111C communicate with each other via the relay devices 100A and 100B using the newly generated VLAN30 (step S222).
Fig. 11 is a diagram showing another example of the sequence of the new network building process in the communication system according to the embodiment of the present disclosure. Fig. 11 shows an example of the timing of the new network building process shown in fig. 7.
Referring to fig. 11, in the conventional in-vehicle network 12, the in-vehicle ECU111A and the in-vehicle ECU111C belong to the same VLAN10, and communicate with each other via the relay devices 100A and 100B using the VLAN10 (step S302).
Next, the in-vehicle ECU111E, which is a new functional unit newly added to the in-vehicle network 12, transmits, to the relay device 100A, connection request information including information that can specify the in- vehicle ECUs 111A, 111C, which are communication targets of itself, when connected to the relay device 100A (step S304).
Next, when receiving the connection request information from the in-vehicle ECU111E, the relay device 100A detects the in-vehicle ECU111E and performs the authentication process of the in-vehicle ECU111E (step S306).
Next, if the authentication result is positive, the relay device 100A generates new network setting information for causing the relay device 100B and the in- vehicle ECUs 111A and 111C to communicate with the in-vehicle ECU111E using the VLNA 10. Specifically, the setting information as shown in fig. 8 is generated (step S308).
Next, the relay device 100A transmits the generated setting information to the in-vehicle ECU111E, which is a functional unit that requires a change in setting in the new network (step S310).
Next, the relay device 100A performs setting change based on the generated setting information (step S312).
In addition, in-vehicle ECU111E changes the setting in accordance with the setting information received from relay device 100A (step S314).
Next, in the new network 12, the in-vehicle ECU111A, the in-vehicle ECU111C, and the in-vehicle ECU111E communicate with each other via the relay devices 100A and 100B using the VLAN10 (step S316).
Note that, in the communication system 300 according to the embodiment of the present disclosure, the configuration is adopted in which the relay device 100A of the two relay devices 100 is used as a setting device to acquire the authentication result of the in-vehicle ECU111E and perform the setting process, and the relay device 100A is the connection destination of the in-vehicle ECU111E that is a new functional unit, but the present invention is not limited thereto. The relay device 100B, which is the relay device 100 not connected to the in-vehicle ECU111E, of the two relay devices 100 may be configured to perform the process of acquiring and setting the authentication result.
Further, it may be configured such that a device other than the relay device 100 in the in-vehicle network 12 performs the acquisition of the authentication result and the setting process as a setting device. For example, it may be configured such that a device that is not located on the communication path between the new function unit and the target function unit in the in-vehicle network 12 performs the authentication result acquisition and setting processing as a setting device.
Further, a device external to the vehicle, for example, the server 200 may be configured to perform the acquisition of the authentication result and the setting process as a setting device. In this case, the server 200 performs acquisition of connection request information that can specify the target function unit, acquisition of an authentication result, setting processing, and the like transmitted from the in-vehicle ECU111E by communicating with the TCU in the in-vehicle network 12.
In the communication system 300 according to the embodiment of the present disclosure, the in-vehicle ECU111E serving as the new functional unit is configured to transmit the connection request information including the MAC address of the in-vehicle ECU111C to the relay device 100A as the information that can specify the in-vehicle ECU111C serving as the target functional unit, but the present invention is not limited to this. The in-vehicle ECU111E may be configured to transmit other information such as the IP address of the in-vehicle ECU111C to the relay device 100A as information that can specify the in-vehicle ECU 111C.
In the relay device 100A according to the embodiment of the present disclosure, the authentication result acquisition unit 130 is configured to acquire the authentication result of the in-vehicle ECU111E from the authentication unit 140 in the relay device 100A itself, but the present invention is not limited to this. The authentication result acquisition unit 130 may be configured to acquire the authentication result of the in-vehicle ECU111E from a device other than the own relay device 100A.
In the relay device 100A according to the embodiment of the present disclosure, the detection unit 120 is configured to detect the in-vehicle ECU111, which is a new functional unit newly added to the in-vehicle network 12, but the configuration is not limited to this. The detection unit 120 may be configured to detect an application installed on an existing in-vehicle ECU111 in the in-vehicle network 12 as a new function unit. That is, the new function unit may be hardware or software.
In relay device 100A according to the embodiment of the present disclosure, setting unit 150 generates setting information of a new network based on the setting information of the existing network in storage unit 160, but is not limited to this. The setting unit 150 may be configured to transmit an information request notification to the respective function units in the in-vehicle network 12, the information request notification indicating the setting content of the respective function units, and generate the setting information of the new network based on the setting content received from the respective function units in response to the information request notification.
In the relay device 100A according to the embodiment of the present disclosure, the setting unit 150 transmits the setting information to each of the functional units using the VLAN50, where the VLAN50 is used to cause the setting information to be exchanged between the functional units in the in-vehicle network 12, but the present invention is not limited thereto. The setting unit 150 may be configured to transmit the setting information to the function unit of the transmission destination using a VLAN for performing communication between some function units in the in-vehicle network 12.
For example, the relay devices 100A and 100B may be configured to exchange setting information and the like using an API (Application Programming Interface) for setting a network used in a consumer product.
In relay device 100A according to the embodiment of the present disclosure, setting unit 150 specifies a functional unit that requires a change in setting in a new network, and transmits updated setting information to the specified functional unit and in-vehicle ECU 111E. The setting unit 150 may be configured to generate setting change information indicating the content of the setting change of each function unit for each of the identified function units and the in-vehicle ECU111E, and transmit the corresponding setting change information to the identified function unit and the in-vehicle ECU 111E.
[ problem ] to
For example, by adding a high-performance sensor that transmits a measurement result to an automated driving ECU in an existing in-vehicle network 12 including the automated driving ECU as an example of the in-vehicle ECU111, the control function of the automated driving ECU in automated driving can be improved.
As described above, there is a need for a technique for customizing the on-vehicle network 12 by newly adding the on-vehicle ECU111 to the existing on-vehicle network 12.
However, in a situation where the in-vehicle ECU111 is newly added to the in-vehicle network 12, it may not be preferable to communicate the in-vehicle ECU111 and the target function unit using the existing virtual network in the new in-vehicle network 12 from the viewpoint of the security of the in-vehicle network 12.
The following description will be specifically made. Hereinafter, as shown in fig. 4, a case is assumed where the in-vehicle ECU111E is added as a new functional unit to the in-vehicle network 12, and the target functional unit indicated by the connection request information transmitted from the in-vehicle ECU111E is the in-vehicle ECU 111C.
For example, when the relay device 100A receives the connection request information from the in-vehicle ECU111E and constructs a new network as shown in fig. 7, the in-vehicle ECU111E can communicate not only with the in-vehicle ECU111C as the target functional unit but also with the in-vehicle ECU111A that does not originally need to communicate.
For example, in the case where the in-vehicle ECU111E is an unauthorized ECU, not only the in-vehicle ECU111C but also the in-vehicle ECU111A may be accessed illegally.
In order to avoid unauthorized access to the in-vehicle ECU111A, it is conceivable to configure a new network that allows only the in-vehicle ECU111E to communicate with the in-vehicle ECU111C as the target functional unit, for example, a new network as shown in fig. 5.
However, in the case of configuring the new network as shown in fig. 5, it is necessary to perform authentication processing of the in-vehicle ECU111E and change the network configuration in the relay devices 100A and 100B, which are the relay devices 100 present on the communication path between the in-vehicle ECU111E and the in-vehicle ECU 111C.
Therefore, it takes time from when the in-vehicle ECU111E is added to the in-vehicle network 12 until the in-vehicle ECU111E and the in-vehicle ECU111C can communicate with each other.
Further, it is necessary to provide an authentication function for authenticating the newly added in-vehicle ECU111E in all the relay devices 100 present on the communication path between the in-vehicle ECU111E and the in-vehicle ECU111C, which increases the cost required for hardware and software development.
In contrast, in the relay device 100A according to the embodiment of the present disclosure, the authentication result acquisition unit 130 acquires the authentication result of a new functional unit that is newly added to the in-vehicle network 12 including one or more functional units. If the authentication result obtained by the authentication result obtaining unit 130 is a positive result, the setting unit 150 can perform a setting process for causing an existing functional unit, which is a functional unit included in the in-vehicle network 12 before a new functional unit is added, and a new functional unit to communicate via the plurality of relay devices 100A and 100B that can relay information between the functional units.
In this way, when the authentication result of the new function unit is positive, the configuration in which the relay device 100A performs the setting process related to at least one of the relay devices 100A and 100B, the existing function unit, and the new function unit for causing the existing function unit and the new function unit to communicate via the plurality of relay devices 100A and 100B allows, for example, the authentication process of the new function unit by a part of the relay devices 100B in the in-vehicle network 12 to be omitted when constructing a network for causing the existing function unit and the new function unit to communicate via the plurality of relay devices 100A and 100B.
Therefore, in the relay device 100A according to the embodiment of the present disclosure, it is possible to flexibly construct a network having a new configuration by a simple process while ensuring security in the network.
In the relay device 100A according to the embodiment of the present disclosure, the storage unit 160 stores setting information for causing each functional unit in the in-vehicle network 12 to perform communication. The setting unit 150 performs setting processing based on the setting information in the storage unit 160.
In this way, the configuration in which the storage unit 160 holds the setting information of the on-vehicle network 12 having a substantially fixed network configuration and the setting information of the new on-vehicle network 12 is generated using the setting information of the existing on-vehicle network 12 acquired from the storage unit 160 when the new on-vehicle network 12 including the new functional unit is constructed can simplify the construction process of the new on-vehicle network 12.
In the relay device 100A according to the embodiment of the present disclosure, the setting unit 150 performs the setting process using a virtual network for transmitting setting information for causing each functional unit in the in-vehicle network 12 to perform communication to each functional unit.
With this configuration, the setting information can be transmitted from the relay device 100A to each functional unit in the in-vehicle network 12 using the virtual network, and thus the setting processing for each functional unit can be simplified.
In the relay device 100A according to the embodiment of the present disclosure, the setting unit 150 performs, as the setting process, a process of constructing a new virtual network for causing the new functional unit to communicate with one or more existing functional units to be communicated with the new functional unit.
With such a configuration, it is possible to suppress adverse effects such as unauthorized access to an existing functional unit that is not a communication target of the new functional unit, as new functional units are added to the in-vehicle network 12.
In the relay device 100A according to the embodiment of the present disclosure, when an existing virtual network is established, which is a virtual network for performing communication only by one or a plurality of existing functional units to be communicated with, the new functional unit, the setting unit 150 performs, as the setting process, a setting process related to the new functional unit and the relay device 100A for causing the new functional unit and the one or a plurality of existing functional units to be communicated with each other to perform communication using the existing virtual network.
According to this configuration, by performing the setting process of adding the new function unit to the existing virtual network, it is not necessary to perform the process of constructing the new network for performing communication only by the new function unit and the existing function unit to be communicated with.
The communication system 300 according to the embodiment of the present disclosure includes the relay device 100A and a new function unit that is newly added to the in-vehicle network 12, and the in-vehicle network 12 includes one or more function units. The relay device 100A acquires information that is transmitted from the new functional unit and that can specify the functional unit to be communicated with the new functional unit. The relay device 100A acquires the authentication result of the new functional unit. If the obtained authentication result is positive, the relay device 100A transmits setting information for causing the communication target functional unit and the new functional unit to communicate via the plurality of relay devices 100A and 100B to the new functional unit, and the relay devices 100A and 100B can relay information between the functional units. The new function unit performs its own setting based on the setting information received from the relay device 100A.
In this way, by the configuration in which the relay device 100A transmits the setting information for causing the existing function unit and the new function unit as the communication targets to communicate via the plurality of relay devices 100A and 100B to the new function unit when the authentication result of the new function unit is positive, it is possible to omit the authentication processing of the new function unit by a part of the relay devices 100B in the in-vehicle network 12, and the like, for example, when constructing a network for causing the existing function unit and the new function unit to communicate via the plurality of relay devices 100A and 100B.
Therefore, in the communication system 300 according to the embodiment of the present disclosure, it is possible to flexibly construct a network having a new configuration by a simple process while securing security in the network.
The vehicle communication management method according to the embodiment of the present disclosure is a vehicle communication management method in the relay device 100A. In the vehicle communication management method, first, the relay device 100A acquires the authentication result of a new functional section that is a functional section newly added in the in-vehicle network 12, the in-vehicle network 12 including one or more functional sections. Next, when the obtained authentication result is a positive result, the relay device 100A performs a setting process for causing an existing functional unit, which is a functional unit included in the in-vehicle network 12 before the addition of the new functional unit, and the new functional unit to communicate via the plurality of relay devices 100A and 100B capable of relaying information between the functional units, the setting process being related to at least one of the relay devices 100A and 100B, the existing functional unit, and the new functional unit.
In this way, by performing the setting processing related to at least one of the relay devices 100A and 100B, the existing function unit, and the new function unit for causing the existing function unit and the new function unit to communicate via the plurality of relay devices 100A and 100B when the authentication result of the new function unit is positive, for example, when a network for causing the existing function unit and the new function unit to communicate via the plurality of relay devices 100A and 100B is constructed, the authentication processing of the new function unit by a part of the relay devices 100B in the in-vehicle network 12 can be omitted.
Therefore, the vehicle communication management method according to the embodiment of the present disclosure can flexibly construct a network having a new configuration by a simple process while ensuring security in the network.
The vehicle communication management method according to the embodiment of the present disclosure is a vehicle communication management method in the communication system 300 including the relay device 100A and a new functional unit that is a functional unit newly added to the in-vehicle network 12, and the in-vehicle network 12 includes one or more functional units. In this vehicle communication management method, first, the relay device 100A acquires information that is transmitted from the new functional unit and that can specify the functional unit to be communicated with the new functional unit. Next, the relay device 100A acquires the authentication result of the new function unit. Next, when the acquired authentication result is a positive result, the relay device 100A transmits setting information for causing the communication-target functional unit and the new functional unit to communicate via the plurality of relay devices 100A and 100B to the new functional unit, and the relay devices 100A and 100B can relay information between the functional units. Next, the new function unit performs its own setting based on the setting information received from the relay device 100A.
In this way, by the method in which the relay device 100A transmits the setting information for causing the existing function unit and the new function unit to communicate with each other via the plurality of relay devices 100A and 100B when the authentication result of the new function unit is positive, for example, when a network for causing the new existing function unit and the new function unit to communicate with each other via the plurality of relay devices 100A and 100B is constructed, it is possible to omit the authentication process of the new function unit by a part of the relay devices 100B in the in-vehicle network 12, and the like.
Therefore, the vehicle communication management method according to the embodiment of the present disclosure can flexibly construct a network having a new configuration by a simple process while ensuring security in the network.
The above-described embodiments should be considered in all respects as illustrative and not restrictive. The scope of the present invention is shown not by the above description but by the claims, and is intended to include all modifications within the meaning and scope equivalent to the claims.
The above description includes the features noted below.
[ Note 1]
A relay device capable of relaying information between functional units in an in-vehicle network including one or more functional units, the relay device comprising:
a detection unit that detects a new function unit that is newly added to the in-vehicle network;
an acquisition unit that acquires an authentication result of the new function unit detected by the detection unit; and
and a setting unit that performs a setting process for causing an existing functional unit, which is a functional unit included in the in-vehicle network before the new functional unit is added, and the new functional unit to communicate with the existing functional unit via a plurality of relay devices capable of relaying information between the functional units, when the authentication result acquired by the acquisition unit is a positive result.
[ Note 2]
A setting device is provided with:
an acquisition section that acquires an authentication result of a new function section that is a function section newly added in an in-vehicle network including one or more function sections; and
a setting unit that performs a setting process for causing an existing functional unit, which is a functional unit included in the in-vehicle network before the new functional unit is added, and the new functional unit to communicate with the existing functional unit via a plurality of relay devices capable of relaying information between the functional units, when the authentication result acquired by the acquisition unit is a positive result,
the acquisition unit and the setting unit are realized by a processor.
[ Note 3]
An in-vehicle communication system is provided with:
a first relay device capable of relaying information between functional units in an in-vehicle network including a plurality of functional units, and a second relay device connected to the first relay device; and
a new function section that is the function section newly added in the in-vehicle network,
the new function unit transmits information capable of specifying the function unit to which the new function unit is to communicate to the first relay apparatus,
the first relay device detects that the new function section is added to the in-vehicle network,
the first relay apparatus acquires the authentication result of the detected new function portion,
in a case where the acquired authentication result is a positive result, the first relay device transmits, to the new function unit, setting information for causing the function unit as the communication target and the new function unit to communicate via the first relay device and the second relay device,
the new function unit performs its own setting based on the setting information received from the first relay device.
[ Note 4]
An in-vehicle communication system is provided with:
a setting device; and
a new function section that is a function section newly added in an in-vehicle network including one or more function sections,
the setting device acquires information that is transmitted from the new function unit and that can specify the function unit to which the new function unit is to be communicated,
the setting means acquires the authentication result of the new function portion,
in a case where the acquired authentication result is a positive result, the setting device transmits, to the new function unit, setting information for causing the function unit as the communication target and the new function unit to communicate via a plurality of relay devices capable of relaying information between the function units,
the new function section performs its own setting based on the setting information received from the setting device,
the functional portion is an ECU.
Description of the reference numerals
1. 2, 3, 4 communication port
11 Ethernet cable
12 vehicle network
100 relay device
110 relay processing unit
111 vehicle ECU
120 detection part
130 authentication result acquisition unit
140 authentication unit
150 setting unit
160 storage unit
200 server
300 communication system.

Claims (8)

1. A setting device is provided with:
an acquisition section that acquires an authentication result of a new function section that is a function section newly added in an in-vehicle network including one or more function sections; and
a setting unit configured to enable a setting process for causing an existing functional unit, which is a functional unit included in the in-vehicle network before the new functional unit is added, to communicate with the new functional unit via a plurality of relay devices capable of relaying information between the functional units, the setting process being related to at least one of the relay devices, the existing functional unit, and the new functional unit, when the authentication result acquired by the acquisition unit is a positive result.
2. The setting device according to claim 1,
the setting device further includes a storage unit that stores setting information for causing each of the functional units in the in-vehicle network to communicate,
the setting unit performs the setting process based on the setting information in the storage unit.
3. The setting device according to claim 1 or 2,
the setting unit performs the setting process using a virtual network for transmitting, to the function units, setting information for causing the function units in the in-vehicle network to communicate.
4. The setting device according to any one of claims 1 to 3,
the setting unit performs, as the setting process, a process of constructing a new virtual network for causing the new functional unit to communicate with one or more existing functional units that are communication targets of the new functional unit.
5. The setting device according to any one of claims 1 to 3,
when an existing virtual network is established, which is a virtual network for performing communication only by one or more existing functional units to be communicated with the new functional unit, the setting unit performs, as the setting process, a setting process relating to the new functional unit and the relay device for causing the new functional unit to perform communication with the one or more existing functional units to be communicated with using the existing virtual network.
6. A communication system is provided with:
a setting device; and
a new function section that is a function section newly added in an in-vehicle network including one or more function sections,
the setting device acquires information that is transmitted from the new function unit and that can specify the function unit to which the new function unit is to be communicated,
the setting means acquires the authentication result of the new function portion,
in a case where the acquired authentication result is a positive result, the setting device transmits, to the new function unit, setting information for causing the function unit as the communication target and the new function unit to communicate via a plurality of relay devices capable of relaying information between the function units,
the new function unit performs its own setting based on the setting information received from the setting device.
7. A vehicle communication management method that is a vehicle communication management method in a setting device, the vehicle communication management method comprising:
acquiring an authentication result of a new functional section, the new functional section being a functional section newly added in an in-vehicle network including one or more functional sections; and
and performing, when the obtained authentication result is a positive result, a setting process for causing an existing functional unit, which is a functional unit included in the in-vehicle network before the new functional unit is added, to communicate with the new functional unit via a plurality of relay devices capable of relaying information between the functional units, the setting process being related to at least one of the relay devices, the existing functional unit, and the new functional unit.
8. A vehicle communication management method in a communication system, the communication system including a setting device and a new function unit that is a function unit newly added to an in-vehicle network including one or more function units,
the vehicle communication management method includes the steps of:
the setting device acquires information that is transmitted from the new function unit and that can specify the function unit to which the new function unit is to be communicated;
the setting device acquires an authentication result of the new function unit;
in a case where the acquired authentication result is a positive result, the setting device transmits, to the new function unit, setting information for causing the function unit that is the communication target and the new function unit to communicate via a plurality of relay devices that can relay information between the function units; and
the new function unit performs its own setting based on the setting information received from the setting device.
CN202080038012.7A 2019-05-30 2020-03-10 Setting device, communication system, and vehicle communication management method Active CN113853769B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2019-101427 2019-05-30
JP2019101427 2019-05-30
PCT/JP2020/010264 WO2020240984A1 (en) 2019-05-30 2020-03-10 Setting device, communication system, and vehicle communication management method

Publications (2)

Publication Number Publication Date
CN113853769A true CN113853769A (en) 2021-12-28
CN113853769B CN113853769B (en) 2023-05-23

Family

ID=73552307

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080038012.7A Active CN113853769B (en) 2019-05-30 2020-03-10 Setting device, communication system, and vehicle communication management method

Country Status (4)

Country Link
US (1) US20220231997A1 (en)
JP (2) JP7396356B2 (en)
CN (1) CN113853769B (en)
WO (1) WO2020240984A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103238305A (en) * 2010-05-28 2013-08-07 安全第一公司 Accelerator system for use with secure data storage
CN103797759A (en) * 2011-09-12 2014-05-14 丰田自动车株式会社 Vehicle-mounted gateway apparatus and vehicle communication system
US20170134164A1 (en) * 2014-11-12 2017-05-11 Panasonic Intellectual Property Corporation Of America Update management method, update management system, and non-transitory recording medium
US20180367546A1 (en) * 2015-06-17 2018-12-20 Autonetworks Technologies, Ltd. Vehicle-mounted relay device, vehicle-mounted communication system and relay program
JP2019016247A (en) * 2017-07-10 2019-01-31 住友電気工業株式会社 Authentication control apparatus, authentication control method, and authentication control program

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003244185A (en) 2002-02-18 2003-08-29 Matsushita Electric Ind Co Ltd Vlan and vlan frame switching apparatus
JP5320095B2 (en) 2009-02-03 2013-10-23 パナソニック株式会社 Network system
JP5588220B2 (en) * 2009-05-22 2014-09-10 コイト電工株式会社 Communication data giving method and apparatus, mobile body information collection system and mobile body apparatus of the system, vehicle formation network system and onboard apparatus of the system
JP5334693B2 (en) 2009-06-04 2013-11-06 アライドテレシスホールディングス株式会社 Network management method, network management program, network system, and relay device
US8543280B2 (en) * 2011-04-29 2013-09-24 Toyota Motor Engineering & Manufacturing North America, Inc. Collaborative multi-agent vehicle fault diagnostic system and associated methodology
JP5625217B2 (en) 2011-07-04 2014-11-19 アラクサラネットワークス株式会社 Network management system and management computer
WO2013161873A1 (en) 2012-04-27 2013-10-31 株式会社フジクラ Communication system
JP6531420B2 (en) 2015-02-16 2019-06-19 日本電気株式会社 Control device, communication system, management method of virtual network function and program
US9865112B2 (en) * 2016-06-03 2018-01-09 Volkswagen Aktiengesellschaft Apparatus, system and method for dynamic identification for vehicle access

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103238305A (en) * 2010-05-28 2013-08-07 安全第一公司 Accelerator system for use with secure data storage
CN103797759A (en) * 2011-09-12 2014-05-14 丰田自动车株式会社 Vehicle-mounted gateway apparatus and vehicle communication system
US20170134164A1 (en) * 2014-11-12 2017-05-11 Panasonic Intellectual Property Corporation Of America Update management method, update management system, and non-transitory recording medium
US20180367546A1 (en) * 2015-06-17 2018-12-20 Autonetworks Technologies, Ltd. Vehicle-mounted relay device, vehicle-mounted communication system and relay program
JP2019016247A (en) * 2017-07-10 2019-01-31 住友電気工業株式会社 Authentication control apparatus, authentication control method, and authentication control program

Also Published As

Publication number Publication date
CN113853769B (en) 2023-05-23
US20220231997A1 (en) 2022-07-21
JP7396356B2 (en) 2023-12-12
WO2020240984A1 (en) 2020-12-03
JPWO2020240984A1 (en) 2020-12-03
JP2024020560A (en) 2024-02-14

Similar Documents

Publication Publication Date Title
US9635151B2 (en) In-vehicle communication system and in-vehicle relay apparatus
US9591480B2 (en) Method and device for secure communication of a component of a vehicle with an external communication partner via a wireless communication link
US11444939B2 (en) Authentication control device, authentication control method, and authentication control program
US20140032800A1 (en) Vehicle message filter
CN112805968B (en) In-vehicle communication device, communication control method, and communication control program
CN110337799A (en) The motor vehicle of data network with vehicle interior and the method for running motor vehicle
CN111788796B (en) Vehicle-mounted communication system, exchange device, authentication method, and computer-readable storage medium
CN107817779A (en) The system and method for the unregistered device of Information Authentication based on Ethernet switch
CN113557697B (en) Management device, vehicle communication system, vehicle communication management method, and vehicle communication management program
KR20180072339A (en) Methods of transmitting message between a plurality of Electronic Control Units at in-vehicle network
CN113475044B (en) Management device, communication system, vehicle communication management method, and vehicle communication management program
US10250434B2 (en) Electronic control apparatus
JP2018041200A (en) On-vehicle communication equipment, management device, management method, and monitoring program
WO2021005949A1 (en) Relay device and vehicle communication method
CN109315005B (en) Automatic updating of connections to movable objects
CN113853769B (en) Setting device, communication system, and vehicle communication management method
JP7476896B2 (en) Relay device, vehicle communication method, and vehicle communication program
KR20210075771A (en) Apparatus for communication for light-weight secre in in-vehicle network
CN114503616A (en) Relay device, in-vehicle communication system, vehicle, and in-vehicle communication method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant